From: Tim Starling <tstarling@users.mediawiki.org>
Date: Thu, 1 Jul 2004 12:59:09 +0000 (+0000)
Subject: Conducting a conversation by means of comments
X-Git-Tag: 1.5.0alpha1~2730
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/journal.php?a=commitdiff_plain;h=657b3947618ed82668d69dabe38c5bfdd3cda8f7;p=lhc%2Fweb%2Fwiklou.git

Conducting a conversation by means of comments
---

diff --git a/includes/Title.php b/includes/Title.php
index 35ae3e8391..87d7e96674 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -188,8 +188,16 @@ class Title {
 		# Missing characters:
 		#  * []|# Needed for link syntax
 		#  * % and + are corrupted by Apache when they appear in the path
-		#  * % seems to work though
-		# 
+		#
+		# % seems to work though
+		#
+		# The problem with % is that URLs are double-unescaped: once by Apache's 
+		# path conversion code, and again by PHP. So %253F, for example, becomes "?".
+		# Our code does not double-escape to compensate for this, indeed double escaping
+		# would break if the double-escaped title was passed in the query string
+		# rather than the path. This is a minor security issue because articles can be
+		# created such that they are hard to view or edit. -- TS
+		#
 		# Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but
 		# this breaks interlanguage links